From 327bb13d32ca17de34233146aaec5ed2dad0c8fa Mon Sep 17 00:00:00 2001 From: Lord Hepipud Date: Tue, 4 Jan 2022 20:14:59 +0100 Subject: [PATCH] Fixes maximum user length for JEA profiles --- doc/100-General/10-Changelog.md | 1 + lib/core/jea/Install-IcingaJeaProfile.psm1 | 7 +++++++ lib/core/windows/Install-IcingaSecurity.psm1 | 7 +++++++ lib/core/windows/New-IcingaWindowsUser.psm1 | 10 ++++++++++ 4 files changed, 25 insertions(+) diff --git a/doc/100-General/10-Changelog.md b/doc/100-General/10-Changelog.md index 69d18e3..8b1e391 100644 --- a/doc/100-General/10-Changelog.md +++ b/doc/100-General/10-Changelog.md @@ -18,6 +18,7 @@ Released closed milestones can be found on [GitHub](https://github.com/Icinga/ic * [#403](https://github.com/Icinga/icinga-powershell-framework/pull/403) Fixes memory leak on newly EventLog reader for CLI event stream * [#407](https://github.com/Icinga/icinga-powershell-framework/pull/407) Removes unnecessary module import inside `Invoke-IcingaNamespaceCmdlets` * [#411](https://github.com/Icinga/icinga-powershell-framework/pull/411) Fixes Icinga Director error message output because of missing `[string]::Format()` +* [#412](https://github.com/Icinga/icinga-powershell-framework/issues/412) Fixes possible defective state of the Icinga Agent by using a custom service user for JEA profiles which is larger than 20 digits * [#418](https://github.com/Icinga/icinga-powershell-framework/pull/418) Fixes crash on wrong variable usage introduced by [#411](https://github.com/Icinga/icinga-powershell-framework/pull/411) ### Enhancements diff --git a/lib/core/jea/Install-IcingaJeaProfile.psm1 b/lib/core/jea/Install-IcingaJeaProfile.psm1 index 7279a18..e1e3972 100644 --- a/lib/core/jea/Install-IcingaJeaProfile.psm1 +++ b/lib/core/jea/Install-IcingaJeaProfile.psm1 @@ -13,6 +13,13 @@ function Install-IcingaJEAProfile() return; } + # Max length for the user name + if ($IcingaUser.Length -gt 20) { + Write-IcingaConsoleError 'The specified user name "{0}" is too long. The maximum character limit is 20 digits.' -Objects $IcingaUser; + + return; + } + Write-IcingaConsoleNotice 'Writing Icinga for Windows environment information as JEA profile' Write-IcingaJEAProfile -RebuildFramework:$RebuildFramework -AllowScriptBlocks:$AllowScriptBlocks; Write-IcingaConsoleNotice 'Registering Icinga for Windows JEA profile' diff --git a/lib/core/windows/Install-IcingaSecurity.psm1 b/lib/core/windows/Install-IcingaSecurity.psm1 index d201c14..0eeb753 100644 --- a/lib/core/windows/Install-IcingaSecurity.psm1 +++ b/lib/core/windows/Install-IcingaSecurity.psm1 @@ -12,6 +12,13 @@ function Install-IcingaSecurity() return; } + # Max length for the user name + if ($IcingaUser.Length -gt 20) { + Write-IcingaConsoleError 'The specified user name "{0}" is too long. The maximum character limit is 20 digits.' -Objects $IcingaUser; + + return; + } + Install-IcingaServiceUser -IcingaUser $IcingaUser; Install-IcingaJEAProfile -IcingaUser $IcingaUser -RebuildFramework:$RebuildFramework -AllowScriptBlocks:$AllowScriptBlocks -ConstrainedLanguage:$ConstrainedLanguage; diff --git a/lib/core/windows/New-IcingaWindowsUser.psm1 b/lib/core/windows/New-IcingaWindowsUser.psm1 index 14b4b8d..0f74cca 100644 --- a/lib/core/windows/New-IcingaWindowsUser.psm1 +++ b/lib/core/windows/New-IcingaWindowsUser.psm1 @@ -13,6 +13,16 @@ function New-IcingaWindowsUser() }; } + # Max length for the user name + if ($IcingaUser.Length -gt 20) { + Write-IcingaConsoleError 'The specified user name "{0}" is too long. The maximum character limit is 20 digits.' -Objects $IcingaUser; + + return @{ + 'User' = $null; + 'SID' = $null; + }; + } + $UserMetadata = Get-IcingaWindowsUserMetadata; $UserConfig = $null;